Layer 2 Network Security

And again, 'Network security is only as strong as the weakest link'. Have you heard it before? I'm sure you'llhear it again. A classic clich' on network security, and still remains true.

Time has passed but did anything change about Layer 2? As a matter of fact, it did! Layer 2 intrinsics functioning may be the same but it could be more vulnerable than before. Auditors continue to look for the procedures book to identify possible risks or flaws, on how vulnerable your network is to the unexpected hacker according to what their auditing manual said.

Truth been told, we are always concerned about our routers, their policies, who have access to it and rule's prevalences order according to the user's manual of our preferred device manufacturer.Probably all this is justified by historical data. At the beginning there was no network, no protocols, no risk. Eventually technology developed and network focuses on the main devices tiding everything up (broadband connections, redundant -dual ISP- routers, etc) and dump devices (as switches, for example) were overlooked.

Have you realized the importance of your switch and its impact on your network? Do you remember the OSI model, its layers and how they interact with each other? Data Link Layer 2 was not built in with security features, plus layers do not share security information with each other so that each layer look for specifics on its security but do not interact with other layers to provide them with feedback of possible security breaches.Well, again, technology has evolved and now manageable switches allows you to take close control of what's taking place on Layer 2, data link.

Security has always focus on checking and double checking the transport, network and application layer but not the data link layer which is commonly attacked by either ARP positioning, MAC flooding, Port Stealing, Denial of Service (DoS), MAC cloning, Hijacking, Multicast Brute Force, Frame Stress attack, etc. ARP (Address Resolution Protocol), a stateless protocol, is responsible for binding MAC addresses with IP addresses. This binding process takes places without any level of security or authentication.

ARP broadcast a request over the network trying to find a target who's MAC address, once identified, is attached to a specific temporal IP address. At this point the identification process is recorded on an ARP cache that converts IP address to MAC address, this is call positioning. Since no authentication mechanism has been activated at this point, a cloned MAC address would easily compromise the system's security.

Several alternatives are widely available to improve layer's 2 security. Intrusion Detection Systems (IDSs) can be configured to listen traffic on the ARP protocol, allowing you to take action over that traffic.

Proper implementation of VLAN's can also provide some additional security on traffic on this Layers. The fact is that network security specialists should pay close attention to Layer 2 when working on new network's designs. This will minimize risk or potential attackers.

If you are interested in Information Security and penetration testing please visit our new security portal at : Arcane Security Portal